We’d like to notify you that Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), came into force on 25 May 2018 (hereinafter referred to as “GDPR”).
The controller of your personal data is Metropolitan Investment SA with its seat in Warsaw (00-113) at ul. Emilii Plater 53, e-mail: [email protected] The co-controllers of the data are entities affiliated in capital or personally with the Data Controller.
Personal data are processed in order to enter into and perform an agreement, to perform binding legal obligations, marketing, creation of specifications, analysis, statistics as well as in case of legitimate interest of a Controller (e.g. establishing of legal claims, business contacts related to performance of agreements).
Personal data are processed in accordance with a consent given for their processing (art. 6 item 1 letter a GDPR), necessity to perform a contract or take steps prior to entering into a contract (art. 6 item 1 letter b GDPR), comply with a legal obligation to which the Controller is subject (art. 6 item 1 letter c GDPR) or for the purposes of its legitimate interest (art. 6 item 1 letter f GDPR; e.g. establishing of legal claims, business contacts related to performance of an agreement).
Personal data are transferred to entities processing data on behalf of the Controller within the scope of their cooperation, and to entities processing data on their own name, in particular to entities that are financially and personally related.
Making of personal data available is voluntary but it is necessary for cooperation and performance of an agreement. Failure to make the data available would jeopardise or completely rule out the possibility of cooperation with Controller and co-controllers.
Personal data may be obtained directly from the data subject as well as indirectly during conducting of business activity, among others from contractors, personally or financially related entities, as a result of advertising and promoting campaigns and from sources that are commonly available.
Controller and co-controllers process usual personal data of clients, employees, co-workers, contractors. In order to obtain data in a manner that is different that obtaining of data from the data subject, there may be identification data (name, last name, series and number of ID card/passport), contact data (phone number, e-mail address, fax number), business data (position, place of work).
At any time the data subject shall have the right to demand access to the data, their correction, rectification or transfer, their erasure (right to be forgotten), limitation of processing, right to object processing of data and right to lodge a complaint to the supervisory authority.
In case of processing of personal data upon consent given by the data subject, the data subject shall have the right to withdraw the consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Personal data shall be erased after withdrawal of consent or if they become unnecessary for the purposes for which they have been collected. A Controller shall process personal data within the scope and period resulting from provisions of law.
Processing of personal data shall be subject to automated decision-making, including profiling.
Any comments and requests should be addressed to the Data Controller. Regardless of the above, you can exercise your rights with each of the co-controllers.